On Tue, 15 Nov 2022 13:56:38 +0100, Maurizio Lombardi wrote:

> In case a malicious initiator sends some random data immediately after a
> login PDU; the iscsi_target_sk_data_ready() callback will
> schedule the login_work and, at the same time,
> the negotiation may end without clearing the LOGIN_FLAGS_INITIAL_PDU flag
> (because no additional PDU exchanges are required to complete the login).
>
> The login has been completed but the login_work function
> will find the LOGIN_FLAGS_INITIAL_PDU flag set and will
> never stop from rescheduling itself;
> at this point, if the initiator drops the connection, the iscsit_conn
> structure will be freed, login_work will dereference a released
> socket structure and the kernel crashes.
>
> [...]

Applied to 6.2/scsi-queue, thanks!

[1/1] target: fix a race condition between login_work and the login thread
      https://git.kernel.org/mkp/scsi/c/fec1b2fa62c1

--
Martin K. Petersen
Oracle Linux Engineering